FreeBSD : FreeBSD -- rtsold(8) remote buffer overflow vulnerability (72ee7111-6007-11e6-a6c3-14dae9d210b8)

Critical Nessus Plugin ID 92908


The remote FreeBSD host is missing one or more security-related updates.


Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8). Impact : Receipt of a router advertisement message with a malformed DNSSL option, for instance from a compromised host on the same network, can cause rtsold(8) to crash.

While it is theoretically possible to inject code into rtsold(8) through malformed router advertisement messages, it is normally compiled with stack protection enabled, rendering such an attack extremely difficult.

When rtsold(8) crashes, the existing DNS configuration will remain in force, and the kernel will continue to receive and process periodic router advertisements.


Update the affected packages.

See Also

Plugin Details

Severity: Critical

ID: 92908

File Name: freebsd_pkg_72ee7111600711e6a6c314dae9d210b8.nasl

Version: $Revision: 2.1 $

Type: local

Published: 2016/08/12

Modified: 2016/08/12

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/08/11

Vulnerability Publication Date: 2014/10/21

Reference Information

CVE: CVE-2014-3954

BID: 70694

FreeBSD: SA-14:20.rtsold